Authentication of a smart pen and computing device

ABSTRACT

Method and system are provided for authentication for pairing of a smart pen with a computing device. The method, which is carried out at a smart pen, may include: sensing a signature event carried out by a user writing with the smart pen on an input user interface of the computing device; recording a signature resulting from the signature event; authenticating the signature by comparing to a stored previously recorded signature at the smart pen. If the authenticating is successful, the method activates connection of the smart pen with the computing device using a communication channel. A corresponding method is carried out at the computing device at which the signature event is carried out.

BACKGROUND

The present invention relates to authentication of a smart pen and acomputing device, and more specifically, to authentication of suchdevices before pairing.

Smart pens are defined as pens that include an embedded processor andsensor functionality. Smart pens may be used as traditional pens towrite on paper while synchronizing with a computing device to transferinput data of written notes to the computing device. Other forms ofsmart pens may require a dedicated smart pad that records thehandwriting that may be communicated concurrently or at a later time toa computing device.

When using smart pens it is important that their use is dynamic and thatthe user does not experience any considerable delays when compared totraditional pen and paper. Currently a smart pen is connected to adevice by a communication channel, such as Bluetooth or Wi-Fi.

Connecting to a Bluetooth communication channel can be very timeconsuming. For example, a user may have to unlock their device, turnBluetooth on, search for Bluetooth devices, select the smart pen, andinput a password to connect to that device.

Smart pens may use Wi-Fi as a communication channel to authenticate andconnect to devices. Such devices may only connect to other devices inthe same local area network (LAN) if authentication between the deviceshas been previously established. However, accessible Wi-Fi networks arenot always available.

An authentication of a smart pen and a computing device may take placeonce a connection has been established between the smart pen and thecomputing device, for example, by exchanging codes or identifiers. Thismay lead to snooping on a connection by an unscrupulous third party.

Therefore, there is a need in the art to address the aforementionedproblems

SUMMARY

According to an aspect of the present invention there is provided acomputer-implemented method carried out at a smart pen forauthentication for pairing with a computing device, comprising: sensinga signature event carried out by a user writing with the smart pen on aninput user interface of the computing device; recording a signatureresulting from the signature event; authenticating the signature bycomparing the signature to a stored previously recorded signature at thesmart pen; and wherein, based on the authenticating being successful,activating connection of the smart pen with the computing device using acommunication channel.

The described aspects of the invention provide the advantage ofproviding authentication of a user of a smart pen before the smart penis connected to a computing device. A single event may authenticate theuser at both the smart pen and the computing device and then establish aconnection and pair the smart pen and the computing device.

The method may also include, once connection is activated, carrying outa pairing procedure including exchanging signature data relating to thesignature event and establishing pairing of the smart pen and thecomputing device if the exchanged signature data corresponds.

Exchanging signature data provides further verification that the correctsmart pen and the computing device are establishing pairing.

Recording the signature may record metadata of the signature includingstatic signing characteristics and/or dynamic signing characteristicsand authenticating the signature may compare the metadata to storedmetadata of a previously recorded signature.

Activating connection may include one or more of: unlocking the smartpen, switching on a communication channel at the smart pen, and locatinga reference to the computing device's communication channel.

Exchanging signature data may send first signature data derived from thesignature event to the computing device and may receive second signaturedata from the computing device, and wherein the method may furtherinclude comparing the first and second signature data to ensure theyrelate to a single signature event. The first signature data may includea timestamp of the signature event at the smart pen and the secondsignature data may include a timestamp of the signature event at thecomputing device, and comparing the first and second signature data mayverify or ensure the timestamps are within a defined time period. Thefirst signature data may include an image of the signature or mayinclude data derived from metadata of the signature.

This method may also include a registration process for recording andstoring a signature at the smart pen carried out by a user writing withthe smart pen on the input user interface of the computing device.

Authenticating the signature by comparing to a stored previouslyrecorded signature at the smart pen may substantially match thesignature to one of a plurality of stored signatures for differentcomputing devices and/or different users of the smart pen. The methodmay include receiving a second signature event and carrying out thedefined method to change a connection to a second computing device.

The signature event may sign a graphic input of the user in the form ofone or a combination of the group of: a name, a word, a phase, a stringof characters, and a drawn graphic.

According to another aspect of the present invention there is provided acomputer-implemented method carried out at a computing device forauthentication for pairing with a smart pen, comprising: receiving asignature event carried out by a user writing with the smart pen on aninput user interface of the computing device; recording a signatureresulting from the signature event; authenticating the signature bycomparing the signature to a stored previously recorded signature at thecomputing device; and wherein, if the authenticating is successful,activating connection of the computing device with the smart pen using acommunication channel.

The method may include, once connection is activated, carrying out apairing procedure including exchanging signature data relating to thesignature event and establishing pairing of the smart pen and thecomputing device if the exchanged signature data corresponds.

Recording the signature may record metadata of the signature includingstatic signing characteristics and/or dynamic signing characteristicsand authenticating the signature may compare the metadata to storedmetadata of a previously recorded signature.

Activating connection may include one or more of: unlocking thecomputing device, switching on a communication channel at the computingdevice, and locating a reference to the smart pen's communicationchannel.

Exchanging signature data may send second signature data derived fromthe signature event to the smart pen and may receive first signaturedata from the smart pen, and wherein the method includes comparing thefirst and second signature data to ensure they relate to a singlesignature event.

The first signature data may include a timestamp of the signature eventat the smart pen and the second signature data may include a timestampof the signature event at the computing device, and comparing the firstand second signature data may ensure the timestamps are within a definedtime period. The first signature data may include an image of thesignature or data derived from metadata of the signature.

The method may also include a registration process for recording andstoring a signature at the computing device carried out by a userwriting with the smart pen on the input user interface of the computingdevice.

Authenticating the signature by comparing to a stored previouslyrecorded signature at the computing device may substantially match thesignature to one of a plurality of stored signatures for different smartpens and/or different users of the smart pen. The method may includereceiving a second signature event and carrying out the defined methodto change a connection to a second smart pen

The signature event may sign a graphic input of the user in the form ofone or a combination of the group of: a name, a word, a phase, a stringof characters, and a drawn graphic.

A smart pen for authentication for paring with a computing device, aswell as a computing device for authentication for pairing with a smartpen, relating to one or more aspects, are also described and claimedherein. In addition, a computer program product carried out at a smartpen for authentication for pairing with a computing device, and acomputer program product carried out at a computing device forauthentication for pairing with a smart pen, relating to one or moreaspects, are also described and claimed herein.

Additional features and advantages are realized through the techniquesof the present invention. Other embodiments and aspects of the inventionare described in detail herein and are considered a part of the claimedinvention.

BRIEF DESCRIPTION OF THE DRAWINGS

The subject matter regarded as the invention is particularly pointed outand distinctly claimed in the concluding portion of the specification.The invention, both as to organization and method of operation, togetherwith objects, features, and advantages thereof, may best be understoodby reference to the following detailed description when read with theaccompanying drawings.

Embodiments of the present invention are described below, by way ofexample only, with reference to the drawings, in which:

FIG. 1 is a swim-lane type flow diagram of an example embodiment of amethod, in accordance with one or more aspects of the present invention;

FIG. 2A is a flow diagram of one embodiment of a process executed at acomputing device, in accordance with one or more aspects of the presentinvention;

FIG. 2B is a flow diagram of one embodiment of a process executed at asmart pen, in accordance with one or more aspects of the presentinvention;

FIG. 3 is a flow diagram of one embodiment of further processing, inaccordance with one or more aspects of the present invention;

FIG. 4 is a block diagram of one embodiment of a smart pen, inaccordance with one or more aspects of the present invention;

FIG. 5 is a block diagram of one embodiment of a computing device, inaccordance with one or more aspects of the present invention

FIG. 6 is a block diagram of one embodiment of a general smart pen, inwhich one or more aspects of the present invention may be implemented;and

FIG. 7 is a block diagram of one embodiment of a general computingdevice, in which one or more aspects of the present invention may beimplemented.

It will be appreciated that for simplicity and clarity of illustration,elements shown in the figures have not necessarily been drawn to scale.For example, the dimensions of some of the elements may be exaggeratedrelative to other elements for clarity. Further, where consideredappropriate, reference numbers may be repeated among the figures toindicate corresponding or analogous features.

DETAILED DESCRIPTION

The described methods and systems use a smart pen to sign on an inputuser interface of a target computing device to provide a singlesignature event which may be authenticated at each of the smart pen andcomputing device prior to connection of the smart pen and the computingdevice. Once the signature event has been authenticated at each device aconnection and pairing of the devices may be carried out.

Both the smart pen and the computing device are required to recognizethe user's signature in order to authorize the pairing. The connectionand pairing may then be initiated automatically. Optionally, additionalverification of the signature event may be carried out by exchangingsignature data as part of the pairing process.

This method may require a short initial registration and will thengreatly speed up authentication and the pairing process for subsequentpairing of the same devices whilst maintaining security.

The term “connection” is used to refer to communication of devices priorto pairing where the two devices may communicate to provide someinformation about the devices but have not yet been fully paired. Theterm “pairing” is used herein to define a communication establishedbetween two specific devices using a communication channel for thetransfer of data. Pairing may require an exchange of codes oridentifiers of the two devices or a handshake procedure. Pairing mayestablish a secure communication between the two devices, for example,including encryption of transmitted data. Pairing may also refer tosubsequent connection of paired devices when the connection has beeninterrupted. Such subsequent connection may be more straightforward ascodes may not need to be re-exchanged to recognize the pairingrelationship.

The communication channel between the smart pen and the computing devicemay be any suitable wireless communication including Bluetooth, WiFi,Infrared, Radio-frequency identification (RFID), and Visual LightCommunication. In an alternative embodiment, the communication channelmay be a wired connection, for example, if the smart pen is connected toa USB port of the computing device, for charging as well ascommunication of data.

The smart pen may be used in conjunction with a computing device in theform of a touchscreen device that enables the user to sign using thesmart pen on the touchscreen user interface of the computing device.Automatic authenticating and initializing of pairing may be carried outbetween the touchscreen device and the smart pen using a singlesignature where the signature is penned by a user using the smart pen onthe touchscreen device.

In an alternative embodiment, a non-touchscreen computing device may usean input user interface in the form of a signature receiving device suchas a signature pad or graphics tablet which may be connected to thecomputing device, for example as a universal serial bus (USB)attachment. The term computing device is used which includes atouchscreen device or non-touchscreen device with an auxiliary signaturereceiving device.

Both the smart pen and the computing device may record the signaturepenned by the user as a registered default signature. The signature maybe any form of graphic input by the user; for example, a classicsignature signing a user's name, a signed password, phrase or string ofcharacters or numerals, a drawn graphic, or a combination of any ofthese inputs. The term “signature” is defined to include all these formsof graphic input.

The signature may be recorded as the image of the signature and/or ascharacteristics of the signature such as the flow, speed, pressure, andstyle of the user input.

The registered relationship may be a three-way relationship between theuser, the smart pen, and the computing device. The smart pen mayidentify which computing device to connect to depending on the signaturepenned. The smart pen and/or the computing device may also recognize theuser based on the penned signature.

The method may include automatically activating or turning-on acommunication channel of both the computing device and the smart pendevice and pairing them, after the signature has been authenticated atboth the computing device and the smart pen. The authentication happensat each device before the devices are paired or connected and removes asignificant effort of the user to pair the devices by removing the needfor the user to command each device individually to pair with eachother. In a specific example, a user may sign with a smart pen on atablet screen and both the tablet and the smart pen may authenticate thesignature, and only after this authentication will they turn on theirBluetooth to pair with each other.

The method may also allow connection of locked smart pens and devices. Acomputing device such as a tablet might be locked when the user carriesout the signature, but authenticating this signature may unlock thetablet and connect it to the smart pen. A smart pen may also be lockedand using it to write a signature may unlock the smart pen.

Monitoring a single action in the form of the signature at the same timeon both the smart pen and the computing device and authenticating thesignature independently allows the user to authenticate and connect bothdevices with a single command.

During an initial use of a smart pen at a computing device, thesignature may be registered and recorded for future use. For re-pairingthe smart pen in future with the computing device or another previouslyused computing device, the method authenticates the signature bycomparing the signature with the previously recorded and storedsignature.

The smart pen and the computing device may make sure they are pairingwith the correct counterpart by exchanging tokens over the communicationchannel during the pairing process.

The method speeds up the pairing process significantly as users onlyneed to sign with their smart pen on any touch-enabled computing deviceand that will be sufficient to authenticate and connect the two devices.This can be very convenient when switching between multipletouch-enabled devices (for example, when controlling both a tablet and acomputer with the same smart pen).

Furthermore, the authentication step before connection adds an extralayer of security, as it makes sure the user of the smart pen is thesame as the user of the computing device, and there are no unwantedconnections in a room which may have multiple smart pens.

An advantage of this method is that the connection starts after theauthentication step. Both devices perform authentication before they areconnected and independently of each other. The advantage of this is thatit decreases the chance of someone being in the middle, snooping on theconnection to unlock one of the devices. The token exchange duringpairing is an additional verification.

Referring to FIG. 1, a swim-lane type flow diagram 100 shows oneembodiment of a method at both a smart pen 110 and a computing device120, in accordance with one or more aspects of the present invention.

A signature event may be carried out 101 by the smart pen 110 on aninput user interface of the computing device 120. The input userinterface may be either a touchscreen of the computing device or anauxiliary input device connected to the computing device.

The smart pen 110 may record 111 the signature as it is input in thesignature event. The signature record at the smart pen may includestatic characteristics such as an image of the signature as captured orinterpreted by the smart pen during input, for example, as captured byan optics sensor. The signature record at the smart pen may also includedynamic characteristics of the input such as speed, flow, pressure,style, etc. which may be captured and measured by an internalaccelerometer, gyroscope and pressure sensors of the smart pen. Thedynamic characteristic measurements and data may be analyzed andinterpreted by software functionality of the smart pen.

The computing device 120 may record 121 the signature as it is receivedin the signature event. The signature record at the device may alsoinclude an image of the signature and dynamic characteristics of theinput such as speed, flow, pressure, style, etc. The touchscreenfunctionality may detect the image as well as dynamic characteristicsdetermined by the speed and acceleration and therefore the flow of thesignature. The pressure may be measured with a pressure-sensitive screenthat recent touchscreen devices have built in.

The recorded signature may be authenticated 112, 122 independently ateach of the smart pen 110 and the computing device 120. If this is afirst use of the smart pen 110 with the computing device 120, this mayinclude a registration process for the signature at both the smart pen110 and the computing device 120.

The authentication 112, 122 at each of the smart pen and the computingdevice 120 may compare a currently recorded signature in the form ofmetadata of the static and/or dynamic characteristics of the signaturewith the same metadata of the stored recorded signatures at each device.The term metadata is used to refer to any data derived or analyzed fromthe signature characteristics including the characteristics themselvessuch as the recorded signature image.

If this is a subsequent use of the smart pen 110 at the computing device120, the authentication 112, 122 may involve looking up a recordedsignature including its associated dynamic characteristics forcomparison with the input signature. Methods to match signatures tostored signatures may use image recognition and/or may compare dynamiccharacteristics to analyze the similarity of two signatures. Dynamiccharacteristics or information may be based on time t and include:spatial coordinates x(t) and y(t), pressure p(t), azimuth az(t),inclination in(t), and pen up/down.

It may be determined 113, 123 at each of the smart pen 110 and thecomputing device 120, if the authentication 112, 122 is successful. Ifin either case, it is not successful, then the method may loop tore-enter the signature 101 and may provide appropriate alerts ornotifications to the user.

If the authentication 112, 122 is successful, then a connectionactivation 114, 124 may be carried out at each of the smart pen 110 andcomputing device 120. The connection activation 114 at the smart pen mayinclude optionally unlocking the smart pen 110, activating thecommunication channel, if it is not already active, and identifying thecomputing device 120. The connection activation 124 at the computingdevice 120 may include optionally unlocking the computing device,activating the communication channel, if it is not already active, andidentifying the smart pen 110.

A pairing procedure 115, 125 between the smart pen 110 and the computingdevice 120 may then be carried out. The pairing procedure 115, 125 mayinclude exchanging a token that may be based on signature data of thesignature event 101 to further verify the correct devices are pairing.The signature data may be an image or metadata of the signature and/or atimestamp of the signature event to further verify the signature event101. For example, after the smart pen 110 and the device 124 connect,they may exchange a token that contains the timestamp of when eachsignature was received at that device. If the tokens match, the pairingprocess may complete. If the tokens do not match, the pairing processmay be terminated.

FIGS. 2A and 2B are flow diagrams 200, 250 of one embodiment of a methodas carried out at a computing device and smart pen, respectively, inaccordance with one or more aspects of the present invention. The smartpen may be supplied with programmed functionality to record andauthenticate a signature made with the smart pen and communicationpairing functionality for pairing to a computing device. The computingdevice may require computer instructions to be installed on thecomputing device, for example in the form of an application provided bya smart pen provider, providing the functionality required by thecomputing device for interacting with the smart pen.

Referring to FIG. 2A, a method at the computing device may start 201 andmay receive 202 and record a signature received at an input userinterface at the computing device input by a user using the smart pen.

It may be determined 203, if there is a stored signature on thecomputing device. If there is no signature stored on the computingdevice, the user may be taken through a registration process and thesignature may be stored 204 on the computing device. This may involvethe user providing further authentication and the smart pen beingidentified against the recorded signature. The method may then proceedto initiate connection 209 with the smart pen. The method may thenproceed 210 to the method of FIG. 3 described below.

If it is determined 203 that there are one or more signatures stored onthe computing device, it may then be determined 205 if the receivedsignature substantially matches a stored signature. If the receivedsignature substantially matches a stored signature, then the computingdevice may initiate connection 209 with the smart pen. The method maythen proceed 210 to the method of FIG. 3 described below.

If the received signature does not substantially match a storedsignature, then it may be determined 206 if the signature is incorrect,or if it should be registered as a new signature and may allow the userto re-enter the signature. This may involve notifying the user that anunmatched signature has been entered and may provide an option toregister a new signature. If the signature is to be registered, the usermay be taken through a registration process and the signature may bestored 204 on the computing device. The computing device may initiateconnection 209 with the smart pen and the method may then proceed 210 tothe method of FIG. 3 described below.

If the signature is not to be registered, then the computing device mayterminate 207 the process and alert the user of an incorrect signature.The method may then end 208.

Matching signatures may use known method of pattern or data matchingwithin threshold parameters. Data may be extracted or generated from thesignatures in the form of metadata which may be used for the matchingprocess.

In one embodiment, there may be multiple signatures stored on thecomputing device, for example in a scenario where a computing device isshared and multiple users use their own smart pens, or a single user hastwo different smart pens. The computing device may store a record of themultiple different signatures and may match a received signature.

A stored signature on the computing device may include details of thesmart pen's name to be found during pairing and/or a communicationprotocol used by the smart pen registered against the signature. Thismay increase security. However, if a user wishes to pair a new smart penusing the same signature this may require overwriting.

Referring to FIG. 2B, a method at the smart pen (in accordance with oneor more aspects of the present invention) may start 251 and may sense252 and record a signature at the smart pen as input by the user of thesmart pen at a computing device.

It may be determined 253, if there is a stored signature on the smartpen. If there is no signature stored on the smart pen, then the user maybe taken through a registration process and the signature may be stored254 on the smart pen. This may involve the user providing furtherauthentication and the computing device being identified against therecorded signature. The method may then proceed to initiate connection259 with the computing device. The method may then proceed 260 to themethod of FIG. 3 described below.

If it is determined 253 that there are one or more signatures stored onthe smart pen, it may then be determined 255 if the received signaturesubstantially matches a stored signature. If the received signaturesubstantially matches a stored signature, the smart pen may initiateconnection 259 with the computing device. The method may then proceed260 to the method of FIG. 3 described below.

If the received signature does not substantially match a storedsignature, it may be determined 256 if the signature is incorrect or ifit should be registered as a new signature. This may involve notifyingthe user that an unmatched signature has been entered and may allow theuser to re-enter the signature. If the signature is to be registered,the user may be taken through a registration process and the signaturemay be stored 254 on the computing device. The smart pen may initiateconnection 259 with the computing device and the method may then proceed260 to the method of FIG. 3 described below.

If the signature is not to be registered, then the smart pen mayterminate 257 the process and alert the user of an incorrect signature.The method may then end 258.

In the scenario where the smart pen is used with multiple computingdevices, a single signature may be stored for connection to any of thecomputing devices which have the signature stored. In an alternativeembodiment, a different signature may be used for each computing deviceand each stored signature at the smart pen may reference the correctcomputing device and optionally any preferred communication protocolused by the computing device registered against the signature.

In a further embodiment, the user may have a smart pen with a storedsignature and a backup computer also has the stored signature. Thesedevices may never have been connected or paired before; however, thedescribed method allows them to connect and pair by authenticating bothdevices using the signature. In this embodiment, the registration of thestored signature on the backup computer may be provided by the transferof a data file instead of signing at the backup computer with the smartpen.

Referring to FIG. 3, a flow diagram 300 shows an example embodiment ofthe further aspect of the described method of a pairing process betweena smart pen and a computing device following from the methods of FIGS.2A and 2B 301.

A pairing process for a communication protocol of a communicationchannel may be started 302. The communication protocol may be forcommunication channels in the form of Bluetooth, WiFi, Infrared, NFC,RFID or Visual Light Communication. This may include the smart pen andcomputing device turning on their communication channel capability, ifnot already on, and looking for the other device. If the pairing processis being carried out for the first time between two devices, then theprocess may involve exchange of codes or identification.

The smart pen and the computing device may exchange 303 signature dataof the signature event. For example, this may be an image, metadata orderived data of the signature received/input during the signature event.In one example, this may include a derived alpha-numerical value of thesignature event. In another example, the signature data may be atimestamp of the received/input signature either alone or in combinationwith other signature data.

It may be determined 304 if the exchanged signature data corresponds.This may not be an exchange of identical data, but may be correspondingdata such as an input flow of the smart pen signature that correspondsto a received input at the computing device.

If the signature data corresponds, the smart pen and the computingdevice may complete the pairing process and become fully paired enablingfull functionality of the smart pen. An alert may be sent to the uservia one or both the smart pen and the computing device indicating thesuccessful pairing. The method may then end 307.

If the signature data does not correspond, the pairing process betweenthe smart pen and the computing device may be terminated 308. This maybe terminated by one or both the smart pen and the computing devicedepending on which device identifies that the signature data does notcorrespond. If only one of the devices considers the signature data tonot correspond, that device will terminate the pairing process. An alertmay be sent to the user via one or both the smart pen and the computingdevice indicating an unsuccessful pairing 309 and the method may end310.

The method may include additional functionality for replacing anexisting signature or adding a second signature for a combination ofsmart pen and computing device.

In the case where the user wants to use one signature across twocomputing devices, when the user wishes to switch between two devices,the user may sign on the second computing device. The second computingdevice and the smart pen may simultaneously detect that the signaturehas been penned. This signature action may trigger the connectionprocedure. After the tokens are exchanged and the pairing is completed,the smart pen may disconnect its connection with the first computingdevice.

In the case where the user wants to use different signatures fordifferent computing devices, the connection procedure may happen in thesame way as described above, but from the user's perspective, it willappear that there is a separate process to pair with the secondcomputing device. This second signature may be compared to the storedsignature on the second computing device as before.

To summarize, a smart pen and a computing device may each recognize thata signature has been entered and may each authenticate a user if thesignature exists in the respective device. If no signature exists, thenit may be registered and stored as an authentic signature. In responseto the recognition of the signature, each device starts a connection anda pairing may be carried out containing information about the signature,and if the two match, then the devices are paired. Both devices are ableto process the same signature at the same time independently to start acommunication if they match their stored signatures.

Working Example:

The case is considered where User 1 buys a smart pen and wants to use itwith his touchscreen device, and in this example, a tablet. To initiatethe first ever pairing of the two devices, the user signs with the penon the tablet screen. Both devices recognize that a signature has beenexecuted. The tablet is able to do this as the user has previouslydownloaded an application for the smart pen that includes the softwareneeded for using the smart pen. However, because this is the firstinstance of pairing, User 1 also needs to authorize the signature hejust used and save it as his signature on the tablet.

The pre-loaded smart pen software on the tablet asks for the tablet'sadministrator password as authentication to store the signature used byUser 1. At the same time, the smart pen knows this is the first time itis being used (either as it comes with factory settings or because thereis no stored signature) so it automatically stores this first signatureas the default authentication signature.

The input of this first signature also triggers a connection and pairingprocess on both devices. The tablet turns its Bluetooth on and startslooking for a smart pen. It will also transmit an authentication signalthrough the Bluetooth unique to that signature, either by sending apicture or by assigning an alpha numerical value to the signature. Thesmart pen does the same; it turns its Bluetooth on and starts lookinganother Bluetooth device. It will only pair with the device that has thesame signature data. This can be done by both devices comparing thepictures of the signature that were input or by comparing the alphanumerical value that was assigned to the signature. Only if both sets ofdata match, and therefore both devices know the same signature was doneusing the two devices, will the smart pen and the touchscreen devicefully pair.

User 1 has now paired his tablet with his new smart pen. If User 1 turnshis tablet and his pen Bluetooth off to save battery (as it is oftendone), to reconnect and repair the two devices he just needs to sign onthe screen of the tablet again with the smart pen. This time the processis faster because the signature has already been stored, so the smartpen and the tablet only need to turn Bluetooth on, compare signaturedata, and pair which is all carried out with a single command.

User 1 may then buy a laptop, which he also pairs with his smart pen.One day, he wants to pair his tablet again with the smart pen havingbeen using the smart pen with the laptop in the intervening period.Using a conventional method, the user would have to disconnect thelaptop and the smart pen and then reconnect the smart pen with thetablet; however, using the described method the user only needs to signon the tablet touchscreen to pair, since both devices authenticate thesignature, identify the other device with the same signature data, andpair with each other. The smart pen pairs with the tablet and not thelaptop because the tablet Bluetooth signal is the only one that containsthe correct signature and time data. User 1 can revert to connection tothe laptop by signing on the laptop screen.

Different devices may use different signatures, for example of differentpasswords, or may use a single signature with a timestamp.

If User 2 comes along, picks up User's 1 smart pen and tries to turn iton by signing on User's 1 tablet, the devices will not pair because User2's signature does not match User's 1 signature that is stored as theauthentication signature. This way people in the same working areacannot control User 1's device by just picking up the smart pen withoutknowing his signature.

The described method uses a single physical command of the user, in thiscase the signature, for both devices to establish authentication and topair with each other.

This single command also allows both devices to automatically know whichdevice they need to pair with, because the inputted command wasidentical and simultaneous on both devices. The devices may use the timeof signature to authenticate as an extra layer of security, since bothtimes should be approximately the same. This allows users to switchbetween paired devices very easily.

In the described method, connection between the devices only happens ifthe signature authentication at each of the smart pen and a computingdevice is successful.

The advantages of this method are a decrease in the chance of someonebeing in the middle, snooping on the connection to unlock one of thedevices. Another advantage is the smart pen is not dependent on one“parent” device. The smart pen can be unlocked irrespective of whichcomputing device it ends up connecting to. This allows for the smart pento connect and switch between multiple devices fast by just signing on atouchscreen or auxiliary input of a computing device. This process onlytakes approximately 1 to 10 seconds as opposed to the conventionalmethod of pairing manually that takes 30-60 seconds.

A problem may arise if two people sign the same signature on twodifferent devices, in an attempt to trick the system. The devices in thedescribed method monitor more than just a signature picture. They alsomonitor the speed and way in which the person signs. Therefore a personthat is faking a signature would need a lot of skill to mimic it.Furthermore, devices exchange a token during the pairing. This mayensure that both devices were signed at the same time or otherwisematch. If there is a discrepancy in the tokens the pairing does not takeplace.

The described method involves two devices monitoring a single action atthe same time in the form of the signature.

As noted initially, a smart pen for authentication for pairing with acomputing device, as well as a computing device for authentication forpairing with a smart pen, are also provided herein. In addition, acomputer program product carried out in a smart pen for authenticationfor pairing with a computing device, as well as a computer programproduct carried out at a computing device for authentication for pairingwith a smart pen, are also provided. These aspects are summarizedfurther below, and then discussed in greater detail with reference toFIGS. 4-7.

According to a further aspect of the present invention there is provideda smart pen for authentication for pairing with a computing device, thesmart pen having a processor and a memory configured to provide computerprogram instructions to the processor to execute the function of thedefined components, the smart pen including: an input system for sensinga signature event carried out by a user writing with the smart pen on aninput user interface of the computing device; a signature eventrecording component for recording a signature resulting from thesignature event; a signature authentication component for authenticatingthe signature by comparing the signature to a stored previously recordedsignature at the smart pen; and a connection activation component foractivating connection of the smart pen with the computing device using acommunication channel if the authenticating is successful.

The smart pen may include a pairing verification component for, onceconnection is activated, carrying out a pairing procedure includingexchanging signature data relating to the signature event andestablishing pairing of the smart pen and the computing device if theexchanged signature data corresponds.

The signature event recording component may record metadata of thesignature including static signing characteristics and/or dynamicsigning characteristics and the signature authentication componentcompares the metadata to stored metadata of a previously recordedsignature.

The connection activation component may include one or more of: anunlocking component for unlocking the smart pen, a communication channelactivation component for switching on a communication channel at thesmart pen, and a device identifying component for locating a referenceto the computing device's communication channel.

The pairing verification component may include a signature datagenerating component for generating the signature data as an image ofthe signature or as data derived from static or dynamic characteristicsof the signature.

The signature authentication component may compare the signature of thesignature event a plurality of stored signatures for different computingdevices and/or different users of the smart pen.

According to a further aspect of the present invention there is provideda computing device for authentication for pairing with a smart pen, thecomputing device having a processor and a memory configured to providecomputer program instructions to the processor to execute the functionof the defined components, the computing device comprising: a userinterface for receiving a signature event carried out by a user writingwith the smart pen on the user interface; a signature event recordingcomponent for recording a signature resulting from the signature event;a signature authentication component for authenticating the signature bycomparing the signature to a stored previously recorded signature at thecomputing device; and a connection activation component for activatingconnection of the computing device with the smart pen using acommunication channel if the authenticating is successful.

The computing device may include a pairing verification component for,once connection is activated, carrying out a pairing procedure includingexchanging signature data relating to the signature event andestablishing pairing of the smart pen and the computing device if theexchanged signature data corresponds.

The signature event recording component may record metadata of thesignature including static signing characteristics and/or dynamicsigning characteristics and the signature authentication componentcompares the metadata to stored metadata of a previously recordedsignature.

The connection activation component may include one or more of: anunlocking component for unlocking the computing device, a communicationchannel activation component for switching on a communication channel atthe computing device, and a device identifying component for locating areference to the smart pen's communication channel.

The pairing verification component may include a signature datagenerating component for generating the signature data as an image ofthe signature or as data derived from static or dynamic characteristicsof the signature.

The signature authentication component may compare the signature of thesignature event a plurality of stored signatures for different smartpens and/or different users of the smart pen.

According to a still further aspect of the present invention there isprovided a computer program product carried out at a smart pen forauthentication for pairing with a computing device, the computer programproduct comprising a non-transient computer readable storage mediumhaving program instructions embodied therewith, the program instructionsexecutable by a processor to cause the processor to: sense a signatureevent carried out by a user writing with the smart pen on an input userinterface of the computing device; record a signature resulting from thesignature event; authenticate the signature by comparing the signatureto a stored previously recorded signature at the smart pen; and wherein,if the authenticating is successful, activate connection of the smartpen with the computing device using a communication channel.

According to a still further aspect of the present invention there isprovided a computer program product carried out at a computing devicefor authentication for pairing with a smart pen, the computer programproduct comprising a non-transient computer readable storage mediumhaving program instructions embodied therewith, the program instructionsexecutable by a processor to cause the processor to: receive a signatureevent carried out by a user writing with the smart pen on an input userinterface of the computing device; record a signature resulting from thesignature event; authenticate the signature by comparing the signatureto a stored previously recorded signature at the computing device; andwherein, if the authenticating is successful, activate connection of thecomputing device with the smart pen using a communication channel.

Referring to FIG. 4, a block diagram shows a smart pen 110 of thedescribed system with functionality for authentication for connectionwith a computing device 120 as shown in FIG. 5.

The smart pen 110 may include a processor 401, a hardware module, or acircuit for executing the functions of the described components whichmay be software units executing on the at least one processor. Memory402 may be configured to provide computer instructions 403 to the atleast one processor 401 to carry out the functionality of thecomponents. The smart pen 110 may be any form of smart pen 110 known inthe art with additional functionality of authentication and pairing asdescribed herein. A generic smart pen 110 is described further inrelation to FIG. 6.

The smart pen 110 may include an input system 404 for sensing writingwith the pen by a user including signature events on an input userinterface of a computing device. A signature event may be signatureevent signs a name, writes a word or phrase, or draws a picture. Theinput system 404 may include multiple sensors to sense the user actionof the smart pen 110.

A device authentication and pairing component 410 may be provided at thesmart pen 110 for pairing with a computing device via a communicationchannel. This may be in the form of computer instructions installed inthe smart pen 110 either at manufacture or as a subsequently downloadedapplication.

The device authentication and pairing component 410 may include asignature event receiving component 411 for receiving informationregarding a signature event from the input system 404 of the smart pen110. There may be a user input that indicates to the deviceauthentication and pairing component 410 that a signature event istaking place as opposed to other writing operation of the smart pen 110or this may be a first input made with the smart pen 110 after a dormantphase. The device authentication and pairing component 410 may include asignature event recording component 412 for recording a signatureresulting from the signature event and a signature storage 413 may beprovided for storing such signatures. The signature event recordingcomponent 412 may record metadata of the signature including signingcharacteristics and/or an image of the signature.

The device authentication and pairing component 410 may include aregistration component 414 for recording and storing a first use of asignature carried out by a user writing with the smart pen 110 on aninput user interface of a computing device. The registration component410 may require additional user verification at the smart pen 110 suchas an administrator password.

The signature storage 413 may include a plurality of stored signaturesfor different computing devices and/or different users of the smart pen110. Each of the plurality of stored signatures may reference acomputing device and a communication channel of the computing device.

The device authentication and pairing component 410 may include asignature authentication component 415 that compares the signature of acurrent signature event to one or more stored signatures in thesignature storage 413. The signature authentication component 415compares the metadata of a signature to stored metadata of a previouslyrecorded signature in order to find or confirm a substantial match. Thiscomparison may use pattern matching or other appropriate techniques tomatch the signatures.

The device authentication and pairing component 410 may include aconnection activation component 420 for activating a communicationchannel of the smart pen 110 if the authentication by the signatureauthentication component 415 is successful. The connection activationcomponent 420 may include a communication channel activation component421 for switching on a communication channel at the smart pen 110 and adevice identifying component 422 for locating a reference to thecomputing device's communication channel. The connection activationcomponent 420 may also include an unlocking component 423 for unlockingthe smart pen 110 if the authentication by the signature authenticationcomponent 415 is successful.

The device authentication and pairing component 410 may include apairing verification component 430 for exchanging signature datarelating to the signature event and only accepting pairing if theexchanged signature data corresponds. The pairing verification component430 includes a signature data generating component 431 for generatingthe signature data as is an image of the signature or as data derivedfrom metadata of the signature, which may include a timestamp of thesignature event.

The pairing verification component 430 may include a signature dataexchange component 433 for sending first signature data derived from thesignature event to the computing device and receiving second signaturedata from the computing device. The pairing verification component 430may include a signature data verification component 432 for comparingthe first and second signature data to ensure they relate to a singlesignature event.

In one embodiment, the first signature data may be a timestamp of thesignature event at the smart pen 110 and the second signature data maybe a timestamp of the signature event at the computing device, and thesignature data verification component 432 may compare the first andsecond signature data to ensure the timestamps are within a defined timeperiod.

The device authentication and pairing component 410 may also include apairing completion component 416 for finalizing a pairing process of thesmart pen 110 with a computing device 120, and an alert component 417for indicating to the user of the smart pen 110 that a pairing hassucceeded or failed. The device authentication and pairing component 410may also include a device switching component 418 for receiving andrecognizing a new signature event at the smart pen 110 indicating anintended pairing with another computing device 120. The device switchingcomponent 418 may prompt a new authentication and pairing process.

Referring to FIG. 5, a block diagram shows a computing device 120 of thedescribed system with functionality for authentication for connectionwith a smart pen 110, such as shown in FIG. 4.

The computing device 120 may include a processor 501, a hardware module,or a circuit for executing the functions of the described componentswhich may be software units executing on the at least one processor.Memory 502 may be configured to provide computer instructions 503 to theat least one processor 501 to carry out the functionality of thecomponents. The computing device 120 may be any form of computing device120 capable of interacting with a smart pen 110 with additionalfunctionality of authentication and pairing as described herein. Ageneric computing device 120 is described further in relation to FIG. 7.

The computing device 120 may include a user interface 504 for receivinginput of writing with a smart pen by a user. The user interface 504 maybe, for example, a touchscreen interface or auxiliary input device witha receiving pad. The user interface 504 may receive a signature event inthe form of input of a name, a word or phrase, or a picture.

A device authentication and pairing component 510 may be provided at thecomputing device 120 for pairing with a smart pen via a communicationchannel, which may be in the form of computer instructions installed onthe computing device 120.

The device authentication and pairing component 510 may include asignature event receiving component 511 for receiving informationregarding a signature event from the user interface 504 of the computingdevice 120. There may be a user input that indicates to the deviceauthentication and pairing component 510 that a signature event istaking place. The device authentication and pairing component 510 mayinclude a signature event recording component 512 for recording asignature resulting from the signature event and a signature storage 513may be provided for storing such signatures. The signature eventrecording component 512 may record metadata of the signature includingsigning characteristics and/or an image of the signature as recorded bythe user interface 504.

The device authentication and pairing component 510 may include aregistration component 514 for recording and storing a first use of asignature carried out by a user writing with a smart pen on the userinterface 504 of the computing device 120. The registration component510 may require additional user verification at the computing device120, such as an administrator password.

The signature storage 513 may include a plurality of stored signaturesfor different smart pens and/or different users of smart pens and/ordifferent users of the computing device 120. Each of the plurality ofstored signatures may reference a smart pen or user and a communicationchannel of a referenced smart pen.

The device authentication and pairing component 510 may include asignature authentication component 515 that compares the signature of acurrent signature event to one or more stored signatures in thesignature storage 513. The signature authentication component 515compares the metadata of a signature to stored metadata of a previouslyrecorded signature in order to find or confirm a substantial match. Thiscomparison may use pattern matching or other appropriate techniques tomatch the signatures.

The device authentication and pairing component 510 may include aconnection activation component 520 for activating a communicationchannel of the computing device 120 if the authentication by thesignature authentication component 515 is successful. The connectionactivation component 520 may include a communication channel activationcomponent 521 for switching on a communication channel at the computingdevice 120 and a smart pen identifying component 522 for locating areference to the smart pen's communication channel. The connectionactivation component 520 may also include an unlocking component 523 forunlocking the computing device 110 if the authentication by thesignature authentication component 415 is successful.

The device authentication and pairing component 510 may include apairing verification component 530 for exchanging signature datarelating to the signature event and only accepting pairing if theexchanged signature data corresponds. The pairing verification component530 may include a signature data generating component 531 for generatingthe signature data as is an image of the signature or as data derivedfrom metadata of the signature, which may include a timestamp of thesignature event.

The pairing verification component 530 may include a signature dataexchange component 533 for sending second signature data derived fromthe signature event to the smart pen and receiving first signature datafrom the smart pen. The pairing verification component 530 may include asignature data verification component 532 for comparing the first andsecond signature data to ensure they relate to a single signature event.

In one embodiment, the first signature data may be a timestamp of thesignature event at the smart pen and the second signature data may be atimestamp of the signature event at the computing device, and thesignature data verification component 532 may compare the first andsecond signature data to ensure the timestamps are within a defined timeperiod.

The device authentication and pairing component 510 may also include apairing completion component 516 for finalizing a pairing process of thecomputing device 120 with a smart pen 110, and an alert component 517for indicating to the user of the computing device 120 that a pairinghas succeeded or failed. The device authentication and pairing component510 may also include a pen switching component 518 for receiving andrecognizing a new signature event at the computing device 120 indicatingan intended pairing with another smart pen 110. The pen switchingcomponent 518 may prompt a new authentication and pairing process.

FIG. 6 shows a block diagram of a smart pen 110 that may be used inembodiments of the disclosure.

The smart pen 110 may include a writing apparatus 607 for marking orrecording on a paper or other surface. An input system 404 may beprovided with multiple sensors 601 which may sense inputs made by theuser of the smart pen 110 when writing or drawing with the smart pen110. Sensors 601 may include optical sensors, movement sensors, pressuresensors, position sensors, etc.

The smart pen 110 may include a battery 603, display 604, microphone605, and operation controls 606.

The smart pen 110 may include a processor 401 (e.g., a microprocessor)for processing the functions of the smart pen 110. The processor 401 ofthe smart pen 110 may connect to a memory 402. The memory 402 may be inthe form of a computer-readable medium that stores data andcomputer-executable instructions 403.

The memory 402 may include a device authentication and pairing component410 providing the functionality described herein.

The smart pen 110 may also include a communication component 602 forconnection to communication channels using a near field communications(NFC) capability (or near field communications medium) typically inaccordance with a standardized protocol or data transfer mechanism(e.g., ISO 14443/NFC). Near field communications capability is ashort-range communications capability, such as radio-frequencyidentification (RFID), Bluetooth, infra-red, or other data transfercapability that can be used to exchange data between the communicationcomponent 602 and an interrogation device such as the computing device120. Bluetooth is a wireless technology standard for exchanging dataover short distances (using short-wavelength UHF radio waves in the ISMband from 2.4 to 2.485 GHz), Visual Light Communication and WiFi mayalso be used as communication channels of the communication component602.

Referring now to FIG. 7, a schematic of an example of a computing device120 is shown.

A computing device 120 may be operational with numerous other generalpurpose or special purpose computing system environments orconfigurations. Examples of well-known computing systems, environments,and/or configurations that may be suitable for use with the computingdevice 120 include, but are not limited to, personal computer systems,server computer systems, thin clients, thick clients, hand-held orlaptop devices, multiprocessor systems, microprocessor-based systems,set top boxes, programmable consumer electronics, network PCs,minicomputer systems, mainframe computer systems, and distributed cloudcomputing environments that include any of the above systems or devices,and the like.

A computing device 120 may be described in the general context ofcomputer system-executable instructions, such as program modules, beingexecuted by a computer system. Generally, program modules may includeroutines, programs, objects, components, logic, data structures, and soon that perform particular tasks or implement particular abstract datatypes.

In FIG. 7, a computing device 120 is shown in the form of ageneral-purpose computing device. The components of the computing device120 may include, but are not limited to, one or more processors orprocessing units 716, a system memory 728, and a bus 718 that couplesvarious system components including system memory 728 to processor 716.

Bus 718 represents one or more of any of several types of busstructures, including a memory bus or memory controller, a peripheralbus, an accelerated graphics port, and a processor or local bus usingany of a variety of bus architectures. By way of example, and notlimitation, such architectures include Industry Standard Architecture(ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA)bus, Video Electronics Standards Association (VESA) local bus, andPeripheral Component Interconnects (PCI) bus.

A computing device 120 typically includes a variety of computer systemreadable media. Such media may be any available media that is accessibleby computing device 120, and it includes both volatile and non-volatilemedia, removable and non-removable media.

System memory 728 can include computer system readable media in the formof volatile memory, such as random access memory (RAM) 730 and/or cachememory 732. Computing device 120 may further include otherremovable/non-removable, volatile/non-volatile computer system storagemedia. By way of example only, storage system 734 can be provided forreading from and writing to a non-removable, non-volatile magnetic media(not shown and typically called a “hard drive”). Although not shown, amagnetic disk drive for reading from and writing to a removable,non-volatile magnetic disk (e.g., a “floppy disk”), and an optical diskdrive for reading from or writing to a removable, non-volatile opticaldisk such as a CD-ROM, DVD-ROM or other optical media can be provided.In such instances, each can be connected to bus 718 by one or more datamedia interfaces. As will be further depicted and described below,memory 728 may include at least one program product having a set (e.g.,at least one) of program modules that are configured to carry out thefunctions of embodiments of the invention.

Program/utility 740, having a set (at least one) of program modules 742,may be stored in memory 728 by way of example, and not limitation, aswell as an operating system, one or more application programs, otherprogram modules, and program data. Each of the operating system, one ormore application programs, other program modules, and program data orsome combination thereof, may include an implementation of a networkingenvironment. Program modules 742 generally carry out the functionsand/or methodologies of embodiments of the invention as describedherein.

A computing device 120 may also communicate with one or more externaldevices 714 such as a keyboard, a pointing device, a display 724, etc.;one or more devices that enable a user to interact with computing device120; and/or any devices (e.g., network card, modem, etc.) that enablecomputing device 120 to communicate with one or more other computingdevices. Such communication can occur via Input/Output (I/O) interfaces722. Still yet, computing device 120 can communicate with one or morenetworks such as a local area network (LAN), a general wide area network(WAN), and/or a public network (e.g., the Internet) via network adapter720. As depicted, network adapter 720 communicates with the othercomponents of computing device 120 via bus 718. It should be understoodthat although not shown, other hardware and/or software components couldbe used in conjunction with computing device 120. Examples, include, butare not limited to: microcode, device drivers, redundant processingunits, external disk drive arrays, RAID systems, tape drives, and dataarchival storage systems, etc.

The computing device 120 may include a communication component 730 whichis capable of communication with the communication component 602 of thesmart pen 110. The communication component 730 may enable connection tocommunication channels using a near field communications (NFC)capability (or near field communications medium) typically in accordancewith a standardized protocol or data transfer mechanism (e.g., ISO14443/NFC). Near field communications capability is a short-rangecommunications capability, such as radio-frequency identification(RFID), Bluetooth, infra-red, or other data transfer capability that canbe used to exchange data between the communication component 602 and aninterrogation device such as the computing device 120. Bluetooth is awireless technology standard for exchanging data over short distances(using short-wavelength UHF radio waves in the ISM band from 2.4 to2.485 GHz). Visual Light Communication and WiFi may also be used ascommunication channels of the communication component 730.

The present invention may be a system, a method, and/or a computerprogram product at any possible technical detail level of integration.The computer program product may include a computer readable storagemedium (or media) having computer readable program instructions thereonfor causing a processor to carry out aspects of the present invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, configuration data for integrated circuitry, oreither source code or object code written in any combination of one ormore programming languages, including an object oriented programminglanguage such as Smalltalk, C++, or the like, and procedural programminglanguages, such as the “C” programming language or similar programminglanguages. The computer readable program instructions may executeentirely on the user's computer, partly on the user's computer, as astand-alone software package, partly on the user's computer and partlyon a remote computer or entirely on the remote computer or server. Inthe latter scenario, the remote computer may be connected to the user'scomputer through any type of network, including a local area network(LAN) or a wide area network (WAN), or the connection may be made to anexternal computer (for example, through the Internet using an InternetService Provider). In some embodiments, electronic circuitry including,for example, programmable logic circuitry, field-programmable gatearrays (FPGA), or programmable logic arrays (PLA) may execute thecomputer readable program instructions by utilizing state information ofthe computer readable program instructions to personalize the electroniccircuitry, in order to perform aspects of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the FIG.s illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the blocks may occur out of theorder noted in the FIG.s. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts or carry out combinations of special purpose hardwareand computer instructions.

The descriptions of the various embodiments of the present inventionhave been presented for purposes of illustration, but are not intendedto be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope and spirit of the describedembodiments. The terminology used herein was chosen to best explain theprinciples of the embodiments, the practical application or technicalimprovement over technologies found in the marketplace, or to enableothers of ordinary skill in the art to understand the embodimentsdisclosed herein.

Improvements and modifications can be made to the foregoing withoutdeparting from the scope of the present invention.

What is claimed is:
 1. A smart pen for authentication for pairing with acomputing device, the smart pen comprising: a memory; and a processingunit communicatively coupled to the memory, wherein the smart penperforms a method comprising: sensing a signature event carried out by auser writing with the smart pen on an input user interface of thecomputing device; recording a signature resulting from the signatureevent; authenticating the signature by comparing the signature to astored previously recorded signature at the smart pen; and wherein,based on the authenticating being successful, activating connection ofthe smart pen with the computing device using a communication channel.2. The smart pen as claimed in claim 1, further including, onceconnection is activated, carrying out a pairing procedure includingexchanging signature data relating to the signature event andestablishing pairing of the smart pen and the computing device based onthe exchanged signature data corresponding.
 3. The smart pen as claimedin claim 2, wherein exchanging signature data sends first signature dataderived from the signature event to the computing device and receivessecond signature data from the computing device, and wherein the methodfurther includes comparing the first and second signature data to ensurethey relate to a single signature event.
 4. The smart pen as claimed inclaim 3, wherein the first signature data includes a timestamp of thesignature event at the smart pen and the second signature data includesa timestamp of the signature event at the computing device, andcomparing the first and second signature data verifies the timestampsare within a defined time period.
 5. The smart pen as claimed in claim2, wherein the signature data is an image of the signature or is dataderived from static or dynamic characteristics of the signature.
 6. Thesmart pen as claimed in claim 1, wherein the recording signature recordsmetadata of the signature including at least one of static signingcharacteristics or dynamic signing characteristics, and authenticatingthe signature compares the metadata to stored metadata of a previouslyrecorded signature.
 7. The smart pen as claimed in claim 1, whereinactivating connection includes an action selected from the groupconsisting of: unlocking the smart pen, switching on a communicationchannel at the smart pen, and locating a reference to the computingdevice's communication channel.
 8. The smart pen as claimed in claim 1,wherein authenticating the signature by comparing to a stored previouslyrecorded signature at the smart pen substantially matches the signatureto one of a plurality of stored signatures for at least one of differentcomputing devices or different users of the smart pen.
 9. The smart penas claimed in claim 1, wherein the signature event signs a graphic inputof the user in the form of one or a combination of the group of: a name,a word, a phase, a string of characters, and a drawn graphic.
 10. Acomputing device for authentication for pairing with a smart pen, thecomputing device comprising: a memory; and a processing unitcommunicatively coupled to the memory, wherein the computing deviceperforms a method comprising: receiving a signature event carried out bya user writing with the smart pen on a user interface of the computingdevice; recording a signature resulting from the signature event;authenticating the signature by comparing the signature to a storedpreviously recorded signature at the computing device; and activatingconnection of the computing device with the smart pen using acommunication channel based on the authenticating being successful. 11.The computing device as claimed in claim 10, further comprising, onceconnection is activated, carrying out a pairing procedure includingexchanging signature data relating to the signature event andestablishing pairing of the smart pen and the computing device based onthe exchanged signature data corresponding.
 12. The computing device asclaimed in claim 11, wherein exchanging signature data sends secondsignature data derived from the signature event to the smart pen andreceives first signature data from the smart pen, and wherein the methodfurther includes comparing the first and second signature data to ensurethey relate to a single signature event.
 13. The computing device asclaimed in claim 10, wherein activating connection includes an actionselected from the group consisting of: unlocking the smart pen,switching on a communication channel at the computing device, andlocating a reference to the smart pen's communication channel.
 14. Thecomputing device as claimed in claim 10, wherein authenticating thesignature by comparing to a stored previously recorded signature at thecomputing device substantially matches the signature to one of aplurality of stored signatures for at least one of different smart pensor different users of the smart pen.
 15. A computer program productcarried out at a smart pen for authentication for pairing with acomputing device, the computer program product comprising anon-transient computer readable storage medium having programinstructions embodied therewith, the program instructions executable bya processor to cause the processor to: sense a signature event carriedout by a user writing with the smart pen on an input user interface ofthe computing device; record a signature resulting from the signatureevent; authenticate the signature by comparing the signature to a storedpreviously recorded signature at the smart pen; and wherein, based onthe authenticating being successful, activate connection of the smartpen with the computing device using a communication channel.